AVI: Difference between revisions
→AVI Controller Config
Line 6:
Source: [https://avinetworks.com/docs/17.2/kubernetes-service-account-for-avi-vantage-authentication/ avinetworks.com]
== Kubernetes Config ==
*Create a Service Account
kubectl create serviceaccount avi -n default
*Create a Cluster Role for deploying Avi Service Engines as a pod:
nano clusterrole.json
Line 87 ⟶ 89:
</pre>
*Create the Role:
kubectl create -f clusterrole.json
*Create Cluster Role Binding
nano clusterbinding.json
<pre>
{
Line 114 ⟶ 118:
</pre>
*Apply Cluster Role Binding
kubectl create -f clusterbinding.json
*Extract the Token for Use in Avi Cloud Configuration
kubectl describe serviceaccount avi -n default
kubectl describe secret avi-token-esdf0 -n default
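The token extracted in the last step carries whatever clusterrole.json grants through clusterbinding.json, and it ends up stored in the Avi Controller. As an added example (not part of the original wiki page or of Avi's documentation), this Python script audits the two JSON objects for over-broad grants before they are created; the role name `avirole` and both sample objects are constructed for illustration.

```python
import json

WRITE_VERBS = {"create", "update", "patch", "delete", "bind", "escalate", "*"}
READ_VERBS = {"get", "list", "watch", "*"}
RBAC_RESOURCES = {"clusterroles", "clusterrolebindings", "roles", "rolebindings", "*"}

def audit_role(role):
    """Return (rule_index, message) findings for a parsed ClusterRole."""
    findings = []
    for i, rule in enumerate(role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        groups = set(rule.get("apiGroups", []))
        if "*" in verbs:
            findings.append((i, "wildcard verbs"))
        if "*" in resources:
            findings.append((i, "wildcard resources"))
        # Secrets live in the core ("") group; reading them exposes other tokens.
        if groups & {"", "*"} and resources & {"secrets", "*"} and verbs & READ_VERBS:
            findings.append((i, "can read secrets"))
        if (groups & {"rbac.authorization.k8s.io", "*"}
                and resources & RBAC_RESOURCES and verbs & WRITE_VERBS):
            findings.append((i, "can modify RBAC"))
    return findings

def audit_binding(binding, role_name, sa_name="avi", namespace="default"):
    """Flag a roleRef mismatch and any subject other than the intended service account."""
    findings = []
    if binding.get("roleRef", {}).get("name") != role_name:
        findings.append("roleRef does not point at " + role_name)
    for s in binding.get("subjects", []):
        wanted = ("ServiceAccount", sa_name, namespace)
        if (s.get("kind"), s.get("name"), s.get("namespace")) != wanted:
            findings.append("unexpected subject %s/%s" % (s.get("kind"), s.get("name")))
    return findings

# Constructed sample input (hypothetical role "avirole"), not the role from the Avi docs.
SAMPLE_ROLE = json.loads("""{"kind": "ClusterRole", "metadata": {"name": "avirole"}, "rules": [
  {"apiGroups": [""], "resources": ["*"], "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["extensions"], "resources": ["ingresses"], "verbs": ["get", "list", "watch", "update"]},
  {"apiGroups": [""], "resources": ["pods"], "verbs": ["*"]}]}""")
SAMPLE_BINDING = json.loads("""{"kind": "ClusterRoleBinding",
  "subjects": [{"kind": "ServiceAccount", "name": "avi", "namespace": "default"},
               {"kind": "Group", "name": "system:serviceaccounts"}],
  "roleRef": {"kind": "ClusterRole", "name": "avirole"}}""")

if __name__ == "__main__":
    for idx, msg in audit_role(SAMPLE_ROLE):
        print("rule %d: %s" % (idx, msg))
    for msg in audit_binding(SAMPLE_BINDING, SAMPLE_ROLE["metadata"]["name"]):
        print("binding: " + msg)
```

To audit the real files, load them with `json.load(open("clusterrole.json"))` and `json.load(open("clusterbinding.json"))` in place of the samples.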
== AVI Controller Config ==
*Enter the Master IP address & Token in Cloud Config:
https://10.1.10.160:6443 ==> Kubernetes
https://10.1.10.160:8443 ==> Openshift
*Create IPAM Profiles with the subnets below:
NorthSouth-IPAM (should be routable)
10.52.201.0/24: 10.52.201.14 - 10.52.201.30
EastWest-IPAM
172.50.0.0/16: 172.50.0.10 - 172.50.0.250
*Create DNS Profiles with the domains below:
NorthSouth_DNS [avi]
EastWest-DNS [avi]
*Go to Tenant '''Default''' and check the VS status
*Either disable kube-proxy (the default load balancer in Kubernetes) or give it a different IP than the East-West subnet.
= Kubernetes VIP =
*Edit Deployment file:
nano deployment.yaml
<pre>
kind: Deployment
# apps/v1beta2 was removed in Kubernetes 1.16; use apps/v1 on newer clusters
apiVersion: apps/v1beta2
metadata:
  name: avitest-deployment
  labels:
    app: avitest
spec:
  replicas: 2
  selector:
    matchLabels:
      app: avitest
  template:
    metadata:
      labels:
        app: avitest
    spec:
      containers:
      - name: avitest
        image: avinetworks/server-os
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
</pre>
*Create the Deployment
kubectl create -f deployment.yaml
*Edit Service file:
nano service.yaml
<pre>
kind: Service
apiVersion: v1
metadata:
  name: avisvc
  labels:
    svc: avisvc
spec:
  ports:
  - name: http
    port: 80
    targetPort: 8080
  selector:
    app: avitest
</pre>
*Create the Service
kubectl create -f service.yaml
*Edit Route file:
nano route.yaml
<pre>
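# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters
# use networking.k8s.io/v1, which has a different backend schema
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: avitest-route
spec:
  rules:
  - host: httptest
    http:
      paths:
      - path: /
        backend:
          serviceName: avisvc
          servicePort: 80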
</pre>
*Create the Route
kubectl create -f route.yaml
* This will create a VIP in Avi in Tenant Default
*Test reachability:
curl 10.52.201.15 ==> Fails: the Host header is not 'httptest', so the request does not match the HTTP Request policy that forwards traffic to the pool and hits the 404 policy instead.
curl -H "HOST:httptest" 10.52.201.15
http://httptest
*Avi HTTP Request policies:
oshift-k8s-cloud-connector--httptest--/--
Path begins with (/)
Host Header equals 'httptest'
Content Switch:
Pool Group: httptest---aviroute-poolgroup-8080-tcp
host--path--drop--rule--httptest--[u'/']
Path does not equal (/)
Host Header equals 'httptest'
Content Switch
Status Code: 404
all-nomatch-host--drop--rule
Host Header does not equal 'httptest'
Content Switch
Status Code: 404
= OpenShift =
Line 508 ⟶ 620:
= Using Ansible =
*Use Virtual Environment:
mkdir ~/virtualenv
mkdir avisdk
Line 524 ⟶ 637:
. activate
*Install Avi SDK:
pip install avisdk==17.2.7b2
pip install avisdk
pip freeze
*Activate Virtual Environment:
cd ~/virtualenv/avisdk/
cd bin
source activate
pip install ansible
*Install Avi Roles:
ansible-galaxy -f install avinetworks.avisdk
la ~/.ansible/roles/avinetworks.avisdk/library/
ansible-
*Run Playbook:
cp /tmp/for_ansible_training.yml ~
nano ~/for_ansible_training.yml
ansible-playbook ~/for_ansible_training.yml
ansible-playbook ~/for_ansible_training.yml -vvvvv
= Ansible Playbook to Deploy VS =